Virtual DPO Services

Flexible packages for short or long term solutions to the Data Protection Officer conundrum.
Our most popular program was built for small to mid size businesses that are not mandated to have a DPO but are desirous of having access to such knowledge yet find it a cost prohibited luxury.

  • 1 full day per month for 12 months
  • Unlimited questions at any time (reasonable use of course)
  • Priority support in case of data breach
  • Use of our DPO email if desired
  • Use of our name as your assigned DPO if desired

Flexibility is key to everything we do. We can bring forward service days to assist when times are busy. This may be during the first months as we agree a plan for the coming 12 months, review the current status, introduce elements such as Record of Processing Activity (RoPA) and Data Protection Impact Assessments (DPIA) or our exit from the EU gets closer. You may already have all the elements in place and need a trusted, skilled source to review the processing of records, any DPIA's, Legititmate Interest assessment (LIA), data retention and deletion for that month.

Did you know that a website should display a ‘Privacy Notice’ not a ‘Privacy Policy’.

Your privacy policy should be specific to your organisation with highly detailed information on procedures and products as used in your organisation. It should be confidential to your company as hackers welcome that sort of information as a good starting point.

The first, and possibly best, piece of advice we have given to all our customers is ‘don’t lose any data’. This stacks up well when another of our teachings is considered – ‘the ICO are not looking for you’.

The second piece of advice is that ‘compliance is not possible’ and anyone offering to ‘make you compliant’ needs to be shown the door as they for sure have no genuine comprehension of the regulations and are only looking to extract cash from your wallet.

Think back to pre-25th May 2018 when consultants, companies and product vendors alike attempted to frighten us all by claiming a 4% of turnover fine would be the punishment for not purchasing their services or products. Who has egg on their faces now? Although plenty of them made lots of money using that tactic so probably don’t care much anyway.

We are genuine experts in GDPR and PECR, and by extension general data and privacy protection.

We assist and encourage GDPR adherence rather than compliance. A small matter of semantics but very important.

We bring pragmatism to the table and encourage a balance of risk and investment.

We openly point out that the ICO have publicly stated that they wish to work with companies rather than fine them. That is provided the company can be seen to have taken some steps, appropriate for their size and industry sector.

We are happy to have an informal chat, and/or to provide customer references as appropriate.

As part of our consultancy service we can offer:

  • Service to becoming GDPR adherent
  • Service to maintain GDPR adherence
  • A full GDPR and PECR Pack
  • Data discovery service
  • A data protection officer
  • Incident Management service
  • Advice on technology to support data protection
  • Data Protection Training

GDPR Pack contains:

  • Privacy Notice
  • Data Protection Policy
  • GDPR Readiness Statement
  • Multiple Procedures to cover all GDPR aspects
  • Incident Response document
  • Data Location and mapping
  • Staff Training
  • Technology Appraisal


IT consulting, services and supply. 35 years experience in IT including running IT department, procurement, marketing and technical sales. Our core philosophy is one of honesty and integrity. We only have engineers, no wide boys and everyone is focussed on doing the right thing for the customer.


  Amalfi Technology Consulting Ltd
25 Watchetts Drive, Camberley. GU15 2PQ

  01276 786102